Students, staff and partners of universities across the UK who may have had their personal details leaked online are preparing to take legal action against the organisations amidst concerns that more should have been done to protect their data.

Confidential information including names, dates of birth, addresses, phone numbers and email addresses are thought to have been stolen by hackers in the ransomware attack which took place this year on Blackbaud - a cloud computing provider that serves non-profits, foundations, corporations, education institutions and healthcare organisations.

An investigation is currently underway to determine the full extent of the breach, with institutions including the University of Cumbria affected.

Hundreds of site users have since expressed their concern over the breach, and dozens of individuals have now instructed law firm Simpson Millar to begin investigations and to start legal proceedings.

Robert Godfrey, Head of Professional Negligence at Simpson Millar solicitors said the data breach was ‘deeply concerning’.

He says anyone affected by the breach could have a valid claim for damages against the University of Cumbria for the distress caused by the ordeal.

He said: “I am confident any person whose details have been accessed could have a valid claim.

"It is clear there has been of breach of individuals’ right to privacy and the universities are ultimately responsible.

"There is a clear entitlement to compensation for any upset, injury and cost of support and disruption to their lives.

“Many will be anxious and fear they will be targeted at home or work in the future."

A spokesman for the university said earlier this month: “We take data protection very seriously and deeply regret that this data breach has occurred. Blackbaud assures us that the data compromised in this breach did not contain any usernames or passwords, bank account or credit card information."